couchdb-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jan Lehnardt <...@apache.org>
Subject [REPORT] CouchDB
Date Sat, 11 Nov 2017 16:40:55 GMT
## Description:

- Seamless multi-master sync, that scales from Big Data to Mobile,
  with an Intuitive HTTP/JSON API and designed for Reliability.

## Issues:

- there are no issues requiring board attention at this time


## Activity:

- Released versions 2.1.1 and 1.7.0 in response to a critical
  secruty vulnerability being reported. Details are embargoed
  for a few more days at the time of writing of this report.
  CVE’s have been filed and should be out by the time of the
  board meeting.
- Released version 1.7.1 because 1.7.0 included an unintentional
  API break.
- Barring any other major security issues, this will have been
  the last release in the 1.x.x line.
- 2.1.1 included a flurry of other improvements and performance
  advancements an follows relatively shortly after 2.1.0 (August),
  showcasing the advance in CI reliability and breadth allowing
  for faster and more confident releases (just wish we had that
  in place for 1.x.x so we could have avoided 1.7.1, alas).
- Late response	to a March Board Report	question by `mt`
  (again, all formal apologies for the delay). In January 2017,
  CouchDB was in the news about	data leaks and ransom scenarios,
  citing CouchDB’s “open by default” setup. In short CouchDB 1.x
  has followed an open-by-default strategy to make it easy for
  new users to get started. The	main mitigating	factor only
  binding to 127.0.0.1,	and requiring an explicit admin	step
  to bind to a public IP. 10 years in the strategy worked, but
  it is	also time to shed that legacy. CouchDB 2.x default
  setup	requires an admin password to be set, even on 127.0.0.1.
  This is a big	improvement, but leaves	a few more ways	until
  we get to a closed-by-default	sitaution. We’re expecting a
  full transition to be	done by	CouchDB	3.0.


## Health report:

- CouchDB is doing fine. Unprecedented	activity in Q3 of work
  that ended up	in a release already. We aim to keep up	a
  quarterly release cadence.

## PMC changes:

- Currently 15 PMC members.
- Nick Vatamaniuc was added to the PMC on Tue Nov 07 2017

## Committer base changes:

- Currently 60 committers.
- New commmitters:
   - Mayya Sharipova was added as a committer on Thu Aug 31 2017
   - Will Holley was added as a committer on Thu Aug 31 2017

## Releases:

- 1.7.0 was released on Mon Nov 06 2017
- 1.7.1 was released on Sat Nov 11 2017
- 2.1.1 was released on Mon Nov 06 2017



Mime
View raw message